50 matches found
CVE-2026-6725
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-35036 Ech0 Affected by Unauthenticated Server-Side Request Forgery in Website Preview Feature
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is legitimate product behavior, but the implementation is unsafe: the route is unauthenticated, accepts ...
Ech0 code issue vulnerability
Ech0 is a self-hosted personal microblogging platform developed by L1nSn0w. Versions of Ech0 prior to 4.2.8 had code vulnerabilities. These vulnerabilities stemmed from the use of the GET /api/website/title route for link previews. This route lacked authentication and accepted URLs that could be...
EUVD-2026-15829
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8...
CVE-2026-32485
Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8...
PT-2026-28001
Name of the Vulnerable Software and Affected Versions weDevs WP User Frontend versions prior to 4.2.9 Description An authorization issue exists in weDevs WP User Frontend. Incorrectly configured access control security levels can be exploited. Recommendations Update to a version prior to 4.2.9...
WordPress WP User Frontend plugin <= 4.2.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WP User Frontend versions <= 4.2.8...
EUVD-2026-12202
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draftpost function in all versions up to, and including, 4.2.8. This makes it...
WordPress plugin User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-25537
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the draft post function in all versions up to, and including, 4.2.8. This makes it...
WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.2.8 - Authenticated (Author+) Arbitrary File Upload vulnerability
Authenticated (Author+) Arbitrary File Upload vulnerability discovered by Williwollo CybrX in WordPress Plugin WP User Frontend versions <= 4.2.8...
EUVD-2026-8875
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WPUF_Admin_Settings::check_filetype_and_ext' function and in the...
CVE-2026-1565
The CVE-2026-1565 entry describes a vulnerability in the WordPress plugin WP User Frontend (AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration) up to version 4.2.8. Root cause: incorrect file-type validation in WPUF_Admin_Settings::check_filetype_and_ext and Admi...
CVE-2025-69325
Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal. This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8...
PT-2026-21141
Name of the Vulnerable Software and Affected Versions Primer MyData for Woocommerce versions through 4.2.8 Description The software contains a path traversal flaw. The issue allows attackers to potentially access files and directories outside the intended scope by manipulating file paths using th...
CVE-2025-67735 Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...
EUVD-2023-1811
Malicious code in bioql PyPI...
PT-2025-39243
Name of the Vulnerable Software and Affected Versions MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress versions prior to 4.2.9 Description The software is susceptible to unauthorized data modification, potentially allowing attackers to escalate privileges...
OPENSUSE-SU-2025:15447-1 jasper-4.2.8-2.1 on GA media
These are all security issues fixed in the jasper-4.2.8-2.1 package on the GA media of openSUSE Tumbleweed...
CVE-2025-22165
This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to...